Dive Brief:
- Google released a new batch of security fixes for its Nexus smartphones and tablets.
- The fixes address flaws that could allow attackers to compromise the Android devices via rogue emails, Web pages and MMS messages.
- The updates address five vulnerabilities rated as critical, 12 rated as high and two rated as moderate.
Dive Insight:
One of the critical vulnerabilities is located in mediaserver, which is a core part of the OS. There, attackers can exploit the flaw by tricking users into playing specifically crafted media files. Three other media processing vulnerabilities can lead to remote code execution via email, Web browsing and MMS.
Google recommends users of older Android versions update to the latest version. Newer versions of the OS have security enhancements that can make exploitation of some vulnerabilities difficult or impossible.
In August, an Android security gap made it possible for hackers to attack Android phones simply by sending a text message. Zimperium estimated that 95% of Android users across the globe were subject to the vulnerability, dubbed Stagefright.